Privacy Policy

1. TERMS AND DEFINITIONS

Personal Data (PD) — any information relating directly or indirectly to an identified or identifiable natural person (personal data subject).

Processing of Personal Data — any action (operation) performed with personal data, including collection, systematization, accumulation, storage, clarification (updating, modification), use, dissemination (including transfer), depersonalization, blocking.

Confidentiality of Personal Data — a mandatory requirement for the designated responsible person who has gained access to personal data not to allow its dissemination without the consent of the subject or other legal grounds.

Dissemination of Personal Data — actions aimed at transferring personal data to a certain circle of persons (transfer of personal data) or at making personal data available to an unlimited number of persons, including publishing personal data in the media, placing it in information and telecommunication networks, or providing access to personal data in any other way.

Use of Personal Data — actions (operations) with personal data performed to make decisions or take other actions that produce legal consequences regarding personal data subjects or otherwise affect their rights and freedoms or the rights and freedoms of other persons.

Blocking of Personal Data — temporary cessation of the collection, automation systems, accumulation, use, dissemination of personal data, including its transfer.

Destruction of Personal Data — actions as a result of which it becomes impossible to restore the content of personal data in the personal data information system or as a result of which the physical media containing personal data are destroyed.

Depersonalization of Personal Data — actions as a result of which it becomes impossible to determine the belonging of personal data to a specific subject without the use of additional information.

Publicly Available Personal Data — personal data to which an unlimited number of persons are granted access with the consent of the subject or which are not subject to the confidentiality requirement under federal laws.

Information — data (messages, facts) regardless of the form of their presentation.

Client (Personal Data Subject) — an individual, a visitor to the website https://ecoway.asia/, including a registered user of the Service (Contractor, Customer, Corporate User).

Website — a set of electronic pages interconnected and published using software and hardware on the global Internet, available at a unique electronic address — domain name: https://ecoway.asia/, containing graphic, textual, audio, video, and any other information about the Customer, its products and/or services.

"Djem Rabota" Service (Software Package "Djem Rabota"), hereinafter referred to as the Service — a software and hardware complex for electronic devices (including computers and mobile devices) accessible via the Internet, including through a Mobile Application, which allows the Customer to place Service Requests for Contractors, automatically process them, and communicate such Requests to Contractors in order to conclude a Service Agreement.

General Terms of Service Use — posted at: https://ecoway.asia/offer — a document regulating the operation of the Service and the interaction between Contractors, Customers, and the Operator.

Contractor — a person using a special tax regime in accordance with Federal Law No. 422-FZ of 27.11.2018 on the Professional Income Tax (self-employed), who concludes or wishes to conclude a Service Agreement with the Customer in accordance with the laws of the Russian Federation and the Operator's Regulatory Documents.

Customer — a legal entity that has concluded an agency agreement with the Operator and with whom the Contractor concludes or wishes to conclude a corresponding Service Agreement.

Operator — Limited Liability Company "VFM Technology" (OGRN 1217700003586, Registered Address: 121205, Moscow, Skolkovo Innovation Center Territory, Bolshoy Blvd., 42, bld. 1), ensuring the operation of the Service and holding exclusive rights to the Service.

2. GENERAL PROVISIONS

2.1. This Privacy Policy (hereinafter referred to as the "Policy") has been developed in accordance with the Constitution of the Russian Federation, the Civil Code of the Russian Federation, the Federal Law "On Information, Information Technologies and Information Protection," Federal Law No. 152-FZ "On Personal Data," and other federal laws.

2.2. The purpose of this Policy is to establish the procedure for processing and protecting the personal data of all Clients whose data are subject to processing by the Operator’s Service; to ensure the protection of human and civil rights and freedoms when processing their personal data, including the right to privacy, personal and family secrets; as well as to establish the liability of officials who have access to personal data for failure to comply with the requirements of the regulations governing the processing and protection of personal data.

2.3. Use of the Service constitutes the Client’s unconditional acceptance of this Policy and the terms of processing their personal information specified herein. If the Client does not agree with these terms, they must refrain from using the Service. By starting to use the Service, including by registering, the Client confirms that they:

• Have fully read the text of this Privacy Policy;
• Fully and unconditionally agree to the terms set forth in this Privacy Policy without any reservations or exceptions;
• Grant the Operator their consent to the processing, transfer, and storage of personal data as set out in Appendix No. 1 to this Privacy Policy;
• Grant the Operator their consent to the dissemination of personal data as set out in Appendix No. 2 to this Privacy Policy;
• Acknowledge that the Client’s means of identification and authentication are sufficient to determine the person from whom the corresponding documents and actions in the Service originate; agree that authentication data is recognized as equivalent to the Client’s handwritten signature, and actions performed with the Client's personal data using authentication data generate legal consequences equivalent to those arising from the use of handwritten signatures in accordance with the laws of the Russian Federation; and all documents related to execution and certified by such equivalent of a handwritten signature are considered equal to documents in paper form signed in person by the respective Party. In the event of disputes regarding the existence and/or authenticity of such an equivalent signature, the burden of proof lies with the Party that disputes the existence and/or authenticity of the equivalent handwritten signature.
   

2.4. Procedure for the implementation and amendment of the Policy.

2.4.1. This Policy comes into force upon its approval by the General Director of the Company and remains in effect indefinitely until replaced by a new version of the Policy.

2.4.2. Amendments to the Policy are made by order of the General Director of the Company.

2.4.3. The current version of the Privacy Policy is always available at: https://ecoway.asia/privacy-policy

3. COMPOSITION OF PERSONAL DATA

3.1. The composition of personal and technical data processed by the Operator during any interaction with the website and/or mobile applications, upon visiting and/or registering for the purpose of concluding a Service Agreement, accepting an Offer, includes but is not limited to:

• when registering a Client on the website;
• when the Client uses the website, mobile applications, and services;
• when concluding and performing a Service Agreement between the Performer and the Customer, upon acceptance of a Request in the Service / mobile applications;
• when the Client fills in information fields on the Service / in the mobile applications, including when completing a contact form;
• when the Client sends messages or makes phone calls to the Operator;
• when the Client subscribes to newsletters.
   

3.2. The personal data of Clients includes, but is not limited to: last name, first name, patronymic (if applicable); year of birth; month of birth; date of birth; place of birth; address; as well as:

passport details, phone numbers, email address, taxpayer identification number, state pension insurance certificate number, employment record book information, disability status, COVID-19 vaccination information, citizenship, and other data necessary for concluding transactions by Clients via the Service.

3.3. The website and/or Service also collect and process anonymized electronic data of visitors, including electronic data (HTTP headers, IP address, cookies, web beacons/pixel tags, browser ID information, hardware and software data through web analytics services), including through the use of Yandex.Metrica metric programs. This involves actions such as collection, recording, systematization, accumulation, storage, clarification (updating, modification), retrieval, use, blocking, deletion, destruction, and transfer (provision, access) to the Operator’s partners who provide services using the specified metric programs.

3.4. The Service collects, stores, and uses data on the location of Clients using the "Djem Rabota" software suite and mobile application for the purpose of monitoring the fulfillment of Requests and analyzing the operation of the software. Collection of such data is carried out both in the active mode of the Service and when it is running in the background. Background location data is necessary to fulfill the contractual obligations of the Client and the Operator as provided by the General Terms of Service Use — available at: https://ecoway.asia/offer, including background location information being a necessary condition for Clients (Customers and Performers) to avoid missed appearances or failures to fulfill Requests, as well as for timely replacement by another available Performer in the given area at the given time. The Service has the right to transfer the collected location data of Clients to Customers, Performers, Corporate Users, and other persons using the Software for the purpose of fulfilling Requests. The processing of Clients' location data is inextricably linked with the primary purpose of the Service. The Service stores the obtained location data of Clients for 3 (three) years from the date of fulfillment of each individual Request, after which the data is stored in an anonymized form.

4. PURPOSE OF PERSONAL DATA PROCESSING

The Operator processes your Personal Information only in the following cases:

4.1. The processing is necessary for the fulfillment of the contractual obligations of the Clients and the Operator, as provided by the General Terms of Service Use — available at: https://ecoway.asia/offer, including ensuring the operation of the Website and the Service, and monitoring the fulfillment of accepted obligations.

4.2. The processing is necessary for the Operator to comply with obligations established by applicable law, including the performance of the functions of an electronic platform operator working with individuals applying a special tax regime in accordance with Federal Law No. 422-FZ dated 27.11.2018 on Professional Income Tax and the payment of such tax.

4.3. To better understand how you interact with our Website and/or Service.

4.4. To improve, modify, personalize, or otherwise enhance the Website and Service for the benefit of all Clients.

The Operator processes only such Personal Information as is relevant to achieving these purposes. In particular, the Operator processes your Personal Information for the following purposes:

4.5. Providing you with access to the Website and/or Service.

4.6. Providing access to your account if you are registered in the Service.

4.7. Communicating with you to send notifications, requests, and information related to the operation of the Website and the Service, fulfilling agreements with you, and monitoring and processing your requests and applications.

4.8. Improving the convenience and usability of the Website and Service.

4.9. Collecting, processing, and presenting statistical data and other research.

4.10. Complying with the requirements of the migration legislation of the Russian Federation.

5. COLLECTION, PROCESSING, AND PROTECTION OF PERSONAL DATA

5.1. Procedure for obtaining (collecting) personal data:

5.1.1. All personal data of the Client should be obtained directly from them, except for cases specified in Clauses 5.1.4 and 5.1.6 of this Policy and other cases provided for by the laws of the Russian Federation.

5.1.2. The Operator stores Clients' personal information on servers located in the Russian Federation.

5.1.3. The Client's consent to the processing of personal data remains valid for the entire duration of the contract and for 5 years after the termination of the contractual relationship. Upon expiration of this period, the consent is considered extended for each subsequent five-year period unless revoked.

5.1.4. If the Client's personal data can only be obtained from a third party, the Client must be notified in advance, and written consent must be obtained from them. The third party providing the Client’s personal data must have the Client’s consent to transfer such data to the Operator. The Operator must receive confirmation from the third party that the personal data is being transferred with the Client’s consent. When interacting with third parties, the Operator must enter into a confidentiality agreement regarding the Client’s personal data. The Operator has the right to obtain the Client’s consent to receive such personal data via the Service.

5.1.5. The Operator must inform the Client, including via the Service and the Regulatory Documents posted therein, about the purposes, intended sources, and methods of obtaining personal data, as well as the nature of the personal data to be obtained and the consequences of the Client's refusal to provide written consent for their collection.

5.1.6. Processing of Clients' personal data without their consent is permitted in the following cases:

• The personal data is publicly available.
• At the request of authorized state authorities in cases provided by federal law.
• Processing is carried out on the basis of a federal law that determines its purpose, conditions for obtaining personal data, the range of subjects whose data is to be processed, and the powers of the operator.
• Processing is carried out for the purpose of concluding and executing a contract to which the personal data subject — the User — is a party.
• Processing is carried out for statistical purposes with mandatory anonymization of the personal data.
• Other cases provided for by law.
   

5.1.7. The Operator is not entitled to receive or process the Client's personal data concerning their race, nationality, political opinions, religious or philosophical beliefs, or private life.

5.2. Procedure for processing personal data:

5.2.1. The Client provides the Operator with accurate information about themselves via the Service.

5.2.2. The Client's personal data is processed automatically, without the involvement of the Operator's personnel. If necessary, only persons authorized to work with personal data and who have signed a Non-Disclosure Agreement may gain access.

5.2.3. When determining the volume and content of the personal data to be processed, the Operator is guided by the Constitution of the Russian Federation, the Law on Personal Data, and other federal laws.

5.3. Protection of personal data:

5.3.1. Protection of the Client's personal data means a set of measures (organizational, technical, legal) aimed at preventing unlawful or accidental access, destruction, alteration, blocking, copying, distribution of personal data, and other unlawful actions.

5.3.2. Protection of the Client's personal data is ensured at the expense of the Company in accordance with the procedure established by federal law.

5.3.3. The Operator takes all necessary organizational, legal, and technical measures to protect Clients’ personal data, including:

• Antivirus protection;
• Appointment of a responsible person for ensuring personal data security;
• Detection and prevention of intrusions;
• Access control management;
• Registration and accounting;
• Ensuring data integrity;
• Development of internal regulatory documents governing personal data protection.
   

5.3.4. Clients’ personal data stored in electronic databases is protected by the Operator from unauthorized access, alteration, destruction, and other unlawful actions.

5.4. Protection of access to electronic databases containing Clients’ personal data is ensured by the Operator by:

• Using licensed antivirus and anti-hacking software to prevent unauthorized access to the Operator's local network;
• Differentiating access rights via user accounts;
• A two-level password system: at the local computer network level and the database level. Passwords are set by the Company’s System Administrator and are individually provided to employees with access to Clients’ personal data.
   

5.4.1. Unauthorized access to PCs containing Clients’ personal data is blocked by a password set by the System Administrator, which is not subject to disclosure.

5.4.2. Responses to written requests from other organizations and institutions regarding Clients’ personal data are provided only with the Client’s written consent, unless otherwise required by law. Responses are prepared in writing, on the Operator's letterhead, and only contain the necessary amount of personal data to avoid excessive disclosure.

5.5. Use of “cookies”

5.5.1. The Operator uses “cookies” on the Website.

5.5.2. Cookies are used by the Operator for the purpose of:

• Ensuring the operation and improving the quality of the Website;
• Reducing risks, preventing potential fraud, and ensuring security during Website use;
• Storing personal user preferences and settings;
• Performing analytics.
   

5.5.3. The User may manage cookies independently. The browser used may allow blocking, deleting, or otherwise restricting the use of cookies. To learn how to manage cookies using your browser or device, please refer to the instructions provided by the browser developer or device manufacturer.

5.5.4. When deleting or restricting the use of cookies, some features of the Website may become unavailable.

5.5.5. Processed cookies are destroyed or anonymized upon achieving the above purposes or when there is no longer a need to achieve these purposes.

6. BLOCKING, ANONYMIZATION, AND DESTRUCTION OF PERSONAL DATA

6.1. Procedure for blocking and unblocking personal data:

6.1.1. Blocking of personal data includes the following measures:

• Prohibition on editing personal data;
• Prohibition on distributing personal data by any means (e-mail, mobile communication, physical media);
• Prohibition on the use of personal data in mass mailings (SMS, e-mail, postal services);
• Removal of paper documents containing the Client’s personal data from the Company's internal workflow and prohibition of their use.
   

6.1.2. The blocking of the Client’s personal data may be temporarily lifted if required for compliance with the legislation of the Russian Federation.

6.2. Procedure for anonymization and destruction of personal data:

6.2.1. Anonymization of the Client's personal data is carried out upon the Client's written request, provided that all contractual relationships have been completed and at least 5 years have passed since the end date of the last agreement.

6.2.2. During anonymization, personal data in information systems is replaced with a set of characters that makes it impossible to determine the personal data's association with a specific Client.

6.2.3. Paper documents containing personal data are destroyed during the anonymization process.

6.2.4. Destruction of the Client’s personal data means the termination of any access to the Client’s personal data.

6.2.5. After the destruction of personal data, Company employees cannot access the subject's personal data in information systems.

6.2.6. When destroying personal data, paper documents are destroyed, and personal data in information systems is anonymized. The personal data cannot be restored.

6.2.7. The destruction of personal data is an irreversible process.

6.2.8. The period after which the Client's personal data can be destroyed is determined by the expiration period specified in Clause 7.3 of this Policy.

7. TRANSFER AND STORAGE OF PERSONAL DATA

7.1.1. The transfer of personal data to third parties is carried out for the purpose of verifying the Client's identity when providing services under the Service Agreement of the General Terms of Use of the software package: https://ecoway.asia/offer

7.1.2. The transfer of the subject's personal data includes the dissemination of information via communication channels and on physical media.

7.1.3. When transferring personal data, the Operator must comply with the following requirements:

7.1.3.1. Inform the persons receiving the Client’s personal data that these data may only be used for the purposes for which they were provided, and require confirmation from such persons that this rule will be observed;

7.1.3.2. Allow access to the Client’s personal data only to specifically authorized persons, ensuring that such persons are entitled to receive only those personal data that are necessary to perform specific functions;

7.1.3.3. Transfer the Client’s personal data to the Client’s representatives in accordance with applicable legislation and regulatory and technical documentation, limiting this information to only those personal data that are necessary for the representatives to fulfill their functions.

8. CROSS-BORDER TRANSFER

8.1. Before carrying out the cross-border transfer of personal data, the Operator must ensure that the foreign state to which the personal data is to be transferred provides reliable protection of the rights of personal data subjects. Cross-border transfer of personal data to foreign states that do not meet the above requirements may only be carried out with the written consent of the personal data subject and/or for the purpose of fulfilling a contract to which the personal data subject is a party.

9. STORAGE OF PERSONAL DATA

9.1. The Operator stores Clients' personal information on servers located in the Russian Federation.

9.2. Storage of personal data includes the existence of records in information systems and on physical media.

10. RETENTION PERIOD OF PERSONAL DATA

10.1. The retention period for civil law contracts containing Clients’ personal data, as well as accompanying documents related to their conclusion and execution, is 5 years from the date of termination of such contracts.

10.2. During the retention period, personal data cannot be anonymized or destroyed.

10.3. Upon expiration of the retention period, personal data may be anonymized in information systems and destroyed in paper form in accordance with this Policy and applicable laws of the Russian Federation.

11. RIGHTS OF THE OPERATOR AND THE CLIENT OF PERSONAL DATA

The Operator has the right to:

11.1. Defend its interests in court.

11.2. Provide Clients’ personal data to third parties if required by applicable law (tax authorities, law enforcement agencies, etc.).

11.3. Refuse to provide personal data in cases stipulated by law.

11.4. Use the Client's personal data without their consent in cases provided for by the legislation of the Russian Federation.

The Client has the right to:

11.5. Demand clarification of their personal data, blocking or destruction of such data if the personal data are incomplete, outdated, inaccurate, illegally obtained, or not necessary for the stated purpose of processing, as well as to take measures provided by law to protect their rights.

11.6. At any time withdraw their consent to the processing of their personal data by sending the Operator a notification to the e-mail address: info@wfmt.ltd with the subject “Withdrawal of consent to the processing of personal data”.

12. LIABILITY FOR VIOLATION OF RULES REGULATING THE PROCESSING AND PROTECTION OF PERSONAL DATA

12.1. Persons found guilty of violating the rules governing the collection, processing, and protection of personal data shall bear disciplinary, administrative, civil, or criminal liability in accordance with the current legislation of the Russian Federation and the internal local regulations of the Company.

Annex No. 1 to the Policy on the Processing and Protection of Personal Data

Consent to the processing, transfer, and storage of personal data

I (the Client) hereby give my consent to LLC "VFM Technology" (OGRN 1217700003586, established under the laws of the Russian Federation and registered at: 121205, Moscow, Skolkovo Innovation Center territory, Bolshoy Boulevard, 42, building 1 – the Operator) for the processing of my personal data provided by me (as well as received from any third parties), namely:

• Last name, first name, patronymic;
• Date and place of birth;
• Gender;
• Passport details: series and number, issuing authority, department code, date of issue;
• Taxpayer identification details;
• Address of registration and residence;
• Contact phone numbers (mobile phone registered in the Client’s name);
• Client’s e-mail address;
• Information necessary for making payments in favor of the Client (Client's bank account details);
• Information on the types of activities performed by the Client;
• Information on the history of using the Website and Service: quantity, cost, geolocation data, duration of requests in which the Client was involved in creation or execution;
• Photographs of the Client;
• Employment record book data;
• Health book data, information on disability status;
• Information on COVID-19 vaccination;
• Geolocation data, including in the background, to control the execution of the accepted request and/or to receive information about urgent request fulfillment;
• Information on compliance with migration legislation requirements: images of migration cards, images of the notification of arrival of a foreign citizen at a place of stay (detachable part) with a mark from the migration registration authority on the acceptance of the notification and registration, image of the document page with a mark on temporary residence permit, image of the residence permit, images of other documents confirming the legality of the Client’s stay (residence) in the Russian Federation and compliance with migration law requirements;
• Documents confirming the right to operate floor wheeled industrial transport (forklifts, electric loaders, carts, wagons) and continuous industrial transport;
• Documents confirming the assignment (confirmation) of the relevant electrical safety clearance group.
   

The Operator automatically receives certain types of information generated during the Client's interaction with the Service. These include technologies and services such as web protocols, cookies, web beacons, as well as applications and tools of third parties mentioned.

2. I provide my consent for the processing of personal data for the purposes of concluding and fulfilling Service Agreements with the Customer via the Operator's Service.

3. My personal data will be processed by the Operator to the extent necessary to achieve the purposes specified in Section 4 of the Privacy Policy, using the following possible methods: collection, recording (including on electronic media), systematization, accumulation, storage, list compilation, labeling, updating (modification, amendment), retrieval, use, transfer (distribution, provision, access), anonymization, blocking, deletion, destruction, as well as any other actions in accordance with the applicable laws of the Russian Federation. Processing may be carried out both with and without the use of automation tools.

4. I (the Client) have the right to withdraw my consent to the processing of personal data by deleting my profile on the Website.

5. I (the Client) acknowledge that identification and authentication tools on the Service are sufficient to establish the person from whom the relevant documents and actions on the Service originate.

6. I (the Client) agree that authentication data is equivalent to my handwritten signature, and actions with my personal data using such authentication data have legal consequences similar to those resulting from using my handwritten signature in accordance with the legislation of the Russian Federation. All documents related to the execution and certified with an analogue of my handwritten signature are equivalent to documents on paper media personally signed by me.

Annex No. 2 to the Policy on the Processing and Protection of Personal Data

Consent to the processing of personal data permitted by the personal data subject for dissemination

I, the Client, who is registering in the Operator's Service, in accordance with Article 10.1 of Federal Law No. 152-FZ of July 27, 2006 "On Personal Data," hereby declare my consent to the processing for dissemination of my personal data

by the Operator — LLC "VFM Technology," for the purpose of concluding and fulfilling Service Agreements between me and the Customers registered in the Service, in the following manner:

General personal data:

Surname
Consent to distribution: Yes
To an unlimited circle of persons: Yes

First name
Consent to distribution: Yes
To an unlimited circle of persons: Yes

Patronymic (Middle name)
Consent to distribution: Yes
To an unlimited circle of persons: Yes

Year of birth
Consent to distribution: Yes
To an unlimited circle of persons: Yes

Date of birth
Consent to distribution: Yes
To an unlimited circle of persons: Yes

Month of birth
Consent to distribution: Yes
To an unlimited circle of persons: Yes

Place of birth
Consent to distribution: Yes
To an unlimited circle of persons: Yes

Education
Consent to distribution: Yes
To an unlimited circle of persons: Yes

Gender
Consent to distribution: Yes
To an unlimited circle of persons: Yes

Citizenship
Consent to distribution: Yes
To an unlimited circle of persons: Yes

Special personal data:

Data from medical record / absence of disability
Consent to distribution: Yes
To an unlimited circle of persons: Yes

COVID-19 vaccination data
Consent to distribution: Yes
To an unlimited circle of persons: Yes

Biometric data:

Colored digital photographic image of the face
Consent to distribution: Yes
To an unlimited circle of persons: Yes

General personal data (continued):

Taxpayer Identification Number (INN)
Consent to distribution: Yes
To an unlimited circle of persons: Yes

Insurance Number of Individual Ledger Account (SNILS)
Consent to distribution: Yes
To an unlimited circle of persons: Yes

Location data (geolocation), including background mode
Consent to distribution: Yes
To an unlimited circle of persons: Yes

Information about the Operator’s information resources through which access will be provided to an unlimited number of persons and other actions with the Client’s personal data will be carried out:

Information resources and actions with personal data:

Website on the Internet https://jamjob.ru/ — transfer (dissemination, provision, access)

Application "Jam Job" (Google Play Market), Service "Jam Job" (Software complex "Jam Job") — transfer (dissemination, provision, access)

This Consent is given for the duration of the Client's personal profile existence in the Service and/or on the Operator’s Website.

I (the Client) have the right to withdraw my consent to the transfer and dissemination of personal data by deleting my profile on the Website.

I (the Client) acknowledge that the means of identification and authentication in the Service are sufficient to establish the identity of the person from whom the relevant documents and actions in the Service originate;

I (the Client) agree that authentication data are recognized as the equivalent of my handwritten signature, and actions performed with my personal data using authentication data have legal consequences equivalent to the use of handwritten signatures in accordance with the requirements of the legislation of the Russian Federation, and all documents related to execution and certified by the equivalent of my handwritten signature are equivalent to documents on paper personally signed by me.